2

In my bash script file, I try to use expect to provide password for ssh command but it doesn't work. Here is my script:

#!/bin/bash

/usr/bin/expect << EOD
spawn ssh root@192.168.1.201
expect "root@192.168.1.201's password:"
send "mypassword\r"
interact
expect eof
EOD

And the output after I execute the script:

[oracle@BTMVNSRV191 Desktop]$ ./login.sh
spawn ssh root@192.168.1.201
root@192.168.1.201's password: [oracle@BTMVNSRV191 Desktop]$

Could someone let me know, how to use expect in my script without changing #!/bin/bash to #!/usr/bin/expect?

brasofilo
  • 25,496
  • 15
  • 91
  • 179
Hoang Nguyen huu
  • 87
  • 3
  • 10
  • 1
    What @ruakh said, + change the root password right now... – janos Dec 13 '13 at 10:20
  • 2
    possible duplicate of [Use expect in bash script to provide password to SSH command](http://stackoverflow.com/questions/4780893/use-expect-in-bash-script-to-provide-password-to-ssh-command) –  Dec 13 '13 at 10:20
  • And in any case please use key authentication rather than a hack with `expect` – janos Dec 13 '13 at 10:21
  • @RC I have flowed this topic but could not solve my problem. – Hoang Nguyen huu Dec 13 '13 at 10:26

2 Answers2

4

The following works as a single line of bash script in OS X Terminal. It was only intended for use on a firewall protected LAN. Further details at my original post.

expect -c 'spawn ssh -o StrictHostKeyChecking=no remote-user@remote-IP; 
expect assword; send remote-password\r; expect remote-user$; 
send "sudo shutdown -h +1\r"; expect assword; send remote-password\r; interact'
Neville Hillyer
  • 354
  • 1
  • 10
3

ssh (and any other password reading tool) reads its password not from its standard input. It uses some tricky ioctl()-s on its terminal device. This is because you can't give them your password in a pipe.

It is not really a big problem, because widely used cleartext passwords caused more harm as if sometimes we need to find some alternative, password-less solution.

In cases of the ssh, there is a very simple thing for that. Google for ssh-keygen. I suggest to use that, configure a passwordless ssh and everything will be fine.

peterh
  • 11,875
  • 18
  • 85
  • 108
  • Thank you so much @Peter Horvath, it is a really useful knowledge. Beside ssh, in bash script file, I also have the same problem when automatically provide password for other commands ex: scp, su... Could you tell me the general solution for this issue. I just asked for ssh because I thought that they have the same solution. – Hoang Nguyen huu Dec 13 '13 at 11:31
  • There is none. Ssh and scp goes with ssh-keygen. Su has no solution, but there is sudo, which has. Don't forget the upvote, please. :-) – peterh Dec 13 '13 at 11:48
  • I really wanna to do that but I haven't had permission. It's so sorry. – Hoang Nguyen huu Dec 14 '13 at 12:48
  • Well, it could be done by low-level ptrace()-ing or with the same type of ttyp manipulation, but it were harder as some simple ssh-keygen command. – peterh Dec 14 '13 at 14:07
  • Thank you so much sir, as you said it is much better but more hader and I'm very interested in researching this. – Hoang Nguyen huu Dec 16 '13 at 01:52
  • @HoangNguyenhuu First you should investigate, how are doing these tools the direct password read. The ttys are in unix effectly client-server things, as the tcp ports, maybe their manipulation with good ioctl() calls is possible. But it is not sure. It were the better solution. Or as an alternate, you could hack them with ptrace(). It meaned that you manipulate them as if a debugger did. – peterh Dec 16 '13 at 01:56
  • Oh! In fact, I don't know this problem is too big as this :). – Hoang Nguyen huu Dec 16 '13 at 02:30
  • @HoangNguyenhuu Yes. This is because I suggested the ssh-keygen solution from the begin. But if you developed a such tool, it caused only the appearance of widely used cleartext passwords everywhere, which nobody wants. – peterh Dec 16 '13 at 02:32
  • That's right sir. Usually, the hard way goes with good solution. – Hoang Nguyen huu Dec 16 '13 at 03:05